Actually, there is a good reason to use nsswitch.conf setup as: hosts then dns (and perhaps then nis). As mentioned, some DNS servers aren't maintained as a critical network tool and things go down hard when DNS goes out. And while nsswitch.conf can specify the next alternative, each request can take 15-20 seconds per request for a timeout.
These long delays are often confused with overloaded networking or permission issues, but they are simple timeouts that create a lot of problems. So a workaround is to create a small /etc/hosts file on each server. Most servers use a small number of unique hosts regularly.
And most important, many network backup tools (including Omniback) will perform a DNS lookup for EVERY file it stores on tape (commercial backup tools can backup multiple hosts at the same time so each file must also have the source's name and IP stored too). This means that the DNS server (and network) can get slammed with dozens of requests per second during a backup. If /etc/hosts provides the IP/name service for selected systems, no network traffic and much faster lookup times.
But the most important is to survive a DNS failure. By coding the most important IP/name entries in /etc/hosts, the server can continue without DNS.
As far as the vendor's requirement, this is quite possible. IP address lookup is not a kernel function at all--it is user-space code and if anyone remembers the old days of HP-UX when there was no nsswitch.conf support, the number of pieces of code that had to be patched to support this file was lengthy. Xwindows did it one, telnet another, DCE still another way, NFS, remsh, and the list goes on.
So for reliability, I would recommend /etc/hosts be populated with important IP/names and setup nsswitch.conf to use hosts, then DNS and if available, nis.
Bill Hassell, sysadmin
